mirror of https://github.com/verdaccio/verdaccio.git synced 2025-03-18 02:22:46 -05:00

fix: answer with 401 instead of 403 when no credentials were sent (#1109)

fixes #1105
Michael K 2018-11-15 20:14:56 +01:00 committed by Juan Picado @jotadeveloper
parent ae20bd3382
commit 4e3455157c
3 changed files with 8 additions and 5 deletions


@ -17,7 +17,7 @@ export function allow_action(action: string) {
if (name) {
callback(ErrorCode.getForbidden(`user ${name} is not allowed to ${action} package ${pkg.name}`));
} else {
callback(ErrorCode.getForbidden(`unregistered users are not allowed to ${action} package ${pkg.name}`));
callback(ErrorCode.getUnauthorized(`authorization required to ${action} package ${pkg.name}`));
}
};
}
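Review bot: The new 401 branch in `allow_action` returns `ErrorCode.getUnauthorized(...)`, but nothing visible here attaches a `WWW-Authenticate` challenge, which RFC 7235 expects on a 401 response. Whether `createError` or a later error middleware sets that header cannot be seen from this hunk, so it is worth confirming before clients start relying on the new status. The branch is selected only by `name` being falsy, so a request whose credentials failed validation presumably lands here as well. A short comment would record that intent, for example `// no authenticated user: ask for credentials (401) instead of denying (403)`. The function body starts outside the hunk.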


@ -404,6 +404,9 @@ const ErrorCode = {
? createError(HTTP_STATUS.INTERNAL_ERROR, customMessage)
: createError(HTTP_STATUS.INTERNAL_ERROR);
},
getUnauthorized: (message: string = 'no credentials provided') => {
return createError(HTTP_STATUS.UNAUTHORIZED, message);
},
getForbidden: (message: string = 'can\'t use this filename') => {
return createError(HTTP_STATUS.FORBIDDEN, message);
},
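Review bot: `getUnauthorized` and `getForbidden` now sit next to each other with no comment saying when each applies, and picking the wrong one changes what a client learns about its own authentication state. I would add `// 401: no valid credentials on the request; the client may retry after authenticating` above `getUnauthorized` and `// 403: caller is identified but not permitted; retrying with the same identity will not help` above `getForbidden`. The `ErrorCode` object begins and ends outside the hunk.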


@ -106,7 +106,7 @@ describe('endpoint unit test', () => {
.expect(HTTP_STATUS.FORBIDDEN)
.end(function(err, res) {
expect(res.body.error).toBeDefined();
expect(res.body.error).toMatch(/unregistered users are not allowed to access package auth-package/);
expect(res.body.error).toMatch(/authorization required to access package auth-package/);
done();
});
});
@ -119,7 +119,7 @@ describe('endpoint unit test', () => {
.expect(HTTP_STATUS.FORBIDDEN)
.end(function(err, res) {
expect(res.body.error).toBeDefined();
expect(res.body.error).toMatch(/unregistered users are not allowed to access package auth-package/);
expect(res.body.error).toMatch(/authorization required to access package auth-package/);
done();
});
});
@ -132,7 +132,7 @@ describe('endpoint unit test', () => {
.expect(HTTP_STATUS.FORBIDDEN)
.end(function(err, res) {
expect(res.body.error).toBeDefined();
expect(res.body.error).toMatch(/unregistered users are not allowed to access package auth-package/);
expect(res.body.error).toMatch(/authorization required to access package auth-package/);
done();
});
});
@ -363,7 +363,7 @@ describe('endpoint unit test', () => {
.get('/forbidden-place')
.set(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
.expect(HEADER_TYPE.CONTENT_TYPE, HEADERS.JSON_CHARSET)
.expect(HTTP_STATUS.FORBIDDEN)
.expect(HTTP_STATUS.UNAUTHORIZED)
.end(function(err) {
if (err) {
return done(err);
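Review bot: The three cases at -106, -119 and -132 now match the message produced by the 401 path (`authorization required to access package auth-package`) but still declare `.expect(HTTP_STATUS.FORBIDDEN)`, and their `.end(function(err, res) { ... })` callbacks never inspect `err`. supertest delivers a failed `.expect()` to the `.end` callback as `err` rather than throwing, so a status mismatch in these tests would pass silently. If those requests do reach the no-user branch of `allow_action`, the expectation should be `.expect(HTTP_STATUS.UNAUTHORIZED)`, and each callback should begin with `if (err) { return done(err); }`, as the `/forbidden-place` case at -363 already does. The enclosing tests begin outside the hunks, so which credentials they send is not visible here.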